PT-2023-21025 · Sourcecodester · Sourcecodester Loan Management System
Kai Wang
·
Published
2023-03-24
·
Updated
2024-11-26
·
CVE-2023-27242
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SourceCodester Loan Management System version 1.0
Description
The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability can be exploited via the
Type parameter under the Edit Loan Types module.Recommendations
For SourceCodester Loan Management System version 1.0, avoid using the
Type parameter in the Edit Loan Types module until the issue is resolved. As a temporary workaround, consider restricting access to the Edit Loan Types module to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Loan Management System